Implementation Challenges with Browser Security IAB Technical Plenary, March 2012, Paris Moderator: Hannes Tschofenig.

Slides:

Advertisements

Similar presentations

IETF in the Browser Harald Alvestrand. The Purpose of the IETF The goal of the IETF is to make the Internet work better. The mission of the IETF is to.

Advertisements

Transport Layer Security (TLS) IETF-76 Chairs Joe Salowey Eric Rescorla

ICN RG Proposed Charter IETF–81 July 2011 Börje Ohlman & Dirk Kutscher.

HJ Lee / LG Electronics Setting Priorities and Next Steps - from TV makers point of view.

FIA Prague Preparation February 6, Scenario planning approach We cannot predict the future We cannot predict the future We do understand the drivers.

Mobility in Government Consolidation & Wrap-up Lee Naik3 Oct 2013.

Do current WWW Protocols work over Wireless and Small Screen Devices? Gabriel Montenegro Sun Microsystems Laboratories IAB Wireless Internetworking.

SOAP: Simple Object Access Protocol CS 795/895. Reference links Video: 2-M.

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.

Small(er) Footprint for TLS Implementations Hannes Tschofenig Smart Object Security workshop, March 2012, Paris.

 Guy Jacob  Roee Shapiro Project B Spring, 2009 Cloudio  Project Supervisor: Eddie Bortnikov  Lab Chief Engineer: Dr. Ilana David.

OPC WPFHMI.NET.

IETF 91: Open Platform for NFV Collaboration with I2NSF Chris Donley 1.

ALLIANCE FOR TELECOMMUNICATIONS INDUSTRY SOLUTIONS (ATIS) UPDATE Susan Miller, President & CEO, ATIS GSC-18 Meeting, July 2014, Sophia Antipolis,

Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.

What are your questions and feedback? What happens when there is change or a service incident? What is the Service Health Dashboard? What is our communications.

Emory Mobile App Catalog Administration Part 1: Mobile App Processes & Background.

IT 210 The Internet & World Wide Web introduction.

Systems Analysis and Design in a Changing World, 6th Edition

Geneva, Switzerland, 17 October 2011 SDP technology view from Telecom Service Provider Mr. Jaroslaw Budzisz, VoIP & Mobile Network Laboratory Service Platforms.

Phish your victims in 5 quick steps. Phish yourself today In less than 5 minutes What is Phish5? Phish5 is a Security Awareness service With Phish5, a.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

* Hassan Khan,Aaron Atwater,and Urs Hengartner. Outline Background Introduction for IA Previous work on IA challenge Introduction to Itus Itus for app.

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Design Extensions to Google+ CS6204 Privacy and Security.

What I Know About OMA Or At least What I Think I’m Allowed To Say, as I Think This is All Public Knowledge Dean Willis November 20, 2002.

CIS 375—Web App Dev II Microsoft’s.NET. 2 Introduction to.NET Steve Ballmer (January 2000): Steve Ballmer "Delivering an Internet-based platform of Next.

Report from the “Smart Object Security Workshop 23 rd March 2012, Paris” Presenter: Hannes Tschofenig.

Opportunities for Mobile Enhanced Library Services and Collections Tito Sierra, NCSU Libraries JHU Libraries Assembly May 21, 2010.

Computing on the Cloud Jason Detchevery March 4 th 2009.

© Automotive OSGi Initiatives Rob van den Berg Siemens VDO Automotive.

Distributed Systems: Concepts and Design Chapter 1 Pages

Application of Open Source Strategy on Mobile Web Server Author: Carlo Vainio Supervisor:Professor Heikki Hämmäinen Instructor: M.Sc. Risto Aho, Nokia.

Linked-data and the Internet of Things Payam Barnaghi Centre for Communication Systems Research University of Surrey March 2012.

Getting the most out of ArcGIS Web Application Templates

Russ Housley IETF Chair Internet2 Spring Member Meeting 28 April 2009 Successful Protocol Development.

Building Rich Web Applications with Ajax Linda Dailey Paulson IEEE – Computer, October 05 (Vol.38, No.10) Presented by Jingming Zhang.

McLean HIGHER COMPUTER NETWORKING Lesson 6 Types of Browsers & WAP Explanation of browser functions Wireless access to the Internet Description of.

1 Introduction Why do managers need to understand and participate in IS decisions? –Today, every company is a technology company –IS must be managed as.

9 Systems Analysis and Design in a Changing World, Fourth Edition.

Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin CHAPTER THREE E-BUSINESS: ELECTRONIC BUSINESS VALUE CHAPTER.

CMS School Monthly Meeting March 2012 Jane Stanhope March 26, 2012.

Esri UC 2014 | Technical Workshop | ArcGIS for Public Works: An Overview Lindsay Thomas Scott Oppmann.

Mobile: Today and Beyond Stuart Parmenter, Director of Mobile

Web Authorization Protocol (oauth) Hannes Tschofenig.

Web Services Using Visual.NET By Kevin Tse. Agenda What are Web Services and Why are they Useful ? SOAP vs CORBA Goals of the Web Service Project Proposed.

Diameter Maintenance and Extensions (dime) IETF 68, March 2007, Prague David Frascone, Hannes Tschofenig.

Tshilidzi Tshiredo. Introduction Long time ago even before technologies, social networking platforms and mobile devices, Dewey, J.( ) stated that.

Created by Presented by James Schultz Titanium. What is Titanium? An open, extensible development environment for creating beautiful native apps across.

Security Area Advisory Group Tim Polk Sean Turner July 29, 2010.

OAuth WG Blaine Cook, Hannes Tschofenig. Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft.

 AJAX technology  Rich User Experience  Characteristics  Real live examples  JavaScript and AJAX  Web application workflow model – synchronous vs.

Transport Layer Security (TLS) IETF-84 Chairs: Eric Rescorla Joe Salowey.

Emergency Context Resolution with Internet Technologies (ecrit) Hannes Tschofenig, Marc Linser Chairs.

If you are thinking about developing mobile application for your customer, this is an important aspect to consider the platform.

ECA-FAO DATA COLLECTION SYSTEM USING MOBILE DEVICES OVERVIEW Meriem Ait Ouyahia Statistician, African Centre for Statistics, ECA Fabio Grita System Support.

History Before designing web pages it is important to know how it all came about… History Channel – The Invention of the Internet History Channel – The.

Multicast in Information-Centric Networking March 2012.

Mobilizing Your SAS® Business Analytic Reports Falko Schulz Sr. Systems Engineer SAS Australia & New Zealand.

SMARTIE Area of Activity: Framework Programme 7Framework Programme 7 ICT Objective 1.4 IoT (Smart Cities) Period:1 st September st August 2016.

Mobile Application Test Case Automation

Apache Cordova Overview

Introduction Web Environments

ATIS Initiatives in Support of Smart Cities

History Before designing web pages it is important to know how it all came about… History Channel – The Invention of the Internet Start at 17mins.

API Application Services

How AngularJS Development Services different from other Framework - Kunsh Technologies.

ATIS Initiatives in Support of Smart Cities

Agenda IETF 82 Taipei November 14, 2011

Web Authorization Protocol (OAuth)

How to debug a website using IE F12 tools

Presentation transcript:

Implementation Challenges with Browser Security IAB Technical Plenary, March 2012, Paris Moderator: Hannes Tschofenig

Background and Motivation You may have noticed the increasing number of data breaches and security incidents. Many reasons for these problems: – misconfiguration, questionable operational practices, implementation bugs, etc. – Most aspects outside the scope of the IETF. To keep up with the changing threat landscape we have a long history in developing security protocols forming the foundation of today’s communication systems. Internet security is a large topic and therefore we have to focus our discussion today on the Web.

"The Web" (aka "the open web platform") is... the interlinked world you experience via your web browser(s) and/or mobile device(s) and their applications. a constantly and rapidly evolving ecosystem … – based on extensible dynamically-configurable foundation: DNS, TLS, HTTP, URIs, HTML, XML/JSON, JavaScript, etc. – with few barriers to experiment openly in the wild – Using self-modifying mobile code with browsers/devices are execution environments, but lack many of the protections that OSs have evolved. the basis for galaxies of non-trivial interlinked web application ecosystems delivering real value. See IAB technical plenary on “Post Standardization” (Prague IETF meeting, March 2011): and

Unfortunately, new exploits for the previously mentioned technologies emerge almost daily.

Key Questions How do we evolve the security characteristics of the web platform such that... – new web platform components can be slid "underneath" existing web apps while minimizing disruption – existing web apps can be smoothly enhanced to take advantage of new secure web platform features – entirely new web apps with better-than-present security characteristics are enabled Experience has shown the transition phase creates problems.

Plenary Agenda Panel members share their experience: – Eric Rescorla (RTFM) – Thomas Lowenthal (Mozilla) – Chris Weber (Casaba Security) – Ian Fette (Google) – Jeff Hodges (PayPal) Questions and feedback from the audience.